Posted to user@turbine.apache.org by Benjamin Hille <be...@notuskey.com> on 2002/02/25 18:10:00 UTC

How to make some template public (i.e. no login required)

Hello,
I am using the TDK for Turbine 2.1, and I cannot find a way of making part
of my layout/template public.
Most of my application needs logging to be used but I have a part which must
be freely accessible; also, this part has its own layout.
Thanks in advance for your help.
Benjamin


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


RE: How to make some template public (i.e. no login required)

Posted by Jason van Zyl <jv...@zenplex.com>.
On Mon, 2002-02-25 at 12:34, Skip Walker wrote:
> 
> 
> Okay, I'm absolutely baffled.  Why do you need to mess with the
> SessionValidator in order to have a public portion of a web application?

This is only one way to do it, there are many ways you could do it in
turbine 2.x which will change in turbine 3.x to be more concise. The
session validator is what actually directs you to a page, believe it or not.
I only discovered this when breaking turbine apart into t3. I only
suggested what I thought might be easier with the default TDK sample app
setup.

> We've built an application that has both public and secure (login required)
> areas.  The public screen templates all use a screen class that extends
> from VelocityScreen, and the private screen templates extend from a Screen
> that extends VelocitySecureScreen, and makes a call to our PolicyService to
> determine whether a user has the appropriate permissions to access the
> requested screen.  (Note: this design I pretty much garnered from posts to
> this list, and the archives).  The layouts for the screens are all
> determined based on Turbine's algorithm for finding the associated layout
> for a given screen template.

Yes, a policy is the way to go.

> Why would one need to mess with the SessionValidator?  I'm baffled.

Duly noted :-) We are trying to make things less baffling in t3.
 
> Skip
-- 
jvz.

Jason van Zyl
jvanzyl@apache.org

http://tambora.zenplex.org




RE: How to make some template public (i.e. no login required)

Posted by Benjamin Hille <be...@notuskey.com>.
That is what I have done so far, but whatever URL I put I get the login
screen back...
My directory structure is like that
/templates/app
            layouts/
                Default.vm
                Login.vm
                endentity/
                   Default.vm
            screens/
                Index.vm
                ...
                endentity/
                   EndEntityVerif.vm
            navigations/
                ...

And I have a java class EndEntityVerif which extends VelocityScreen.

What URL should I have to load the EndEntityVerif.vm in the
EndEntity/Default.vm layout?
Whatever I tried I get the login screen. If I am logged in I can get
EndEntityVerif.vm loaded in the TDK default layout but the EndEntityVerif
Java class is not loading...
I am running out of ideas.

Thanks,
Benjamin



RE: How to make some template public (i.e. no login required)

Posted by Skip Walker <sk...@skipwalker.com>.

Okay, I'm absolutely baffled.  Why do you need to mess with the
SessionValidator in order to have a public portion of a web application?

We've built an application that has both public and secure (login required)
areas.  The public screen templates all use a screen class that extends
from VelocityScreen, and the private screen templates extend from a Screen
that extends VelocitySecureScreen, and makes a call to our PolicyService to
determine whether a user has the appropriate permissions to access the
requested screen.  (Note: this design I pretty much garnered from posts to
this list, and the archives).  The layouts for the screens are all
determined based on Turbine's algorithm for finding the associated layout
for a given screen template.

Why would one need to mess with the SessionValidator?  I'm baffled.

Skip




RE: How to make some template public (i.e. no login required)

Posted by Benjamin Hille <be...@notuskey.com>.
In TemplateSessionValidator, doPerform
(http://cvs.apache.org/viewcvs/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSessionValidator.java?rev=1.3&content-type=text/vnd.viewcvs-markup)
there is the following code:


        // The user may have not logged in, so create a "guest" user.
        if ( data.getUser() == null )
        {
            data.setUser(TurbineSecurity.getAnonymousUser());
            data.save();
        }

Could I make use of that? If yes, how does it work?
Thanks,
Benjamin


Re: How to make some template public (i.e. no login required)

Posted by Jason van Zyl <jv...@zenplex.com>.
On Mon, 2002-02-25 at 12:10, Benjamin Hille wrote:
> Hello,
> I am using the TDK for Turbine 2.1, and I cannot find a way of making part
> of my layout/template public.
> Most of my application needs logging to be used but I have a part which must
> be freely accessible; also, this part has its own layout.
> Thanks in advance for your help.

With Turbine 2.x all the session validators require security (which I'm
sure you've discovered now) ... So what I would recommend in a 2.x
environment is to create a SessionValidator that can take a peek at the
URL before doing anything. You can probably make something using a
simple string comparison (or even a regular expression) and if it's a
path that doesn't require security then bypass security.

You can probably modify this file:

http://cvs.apache.org/viewcvs/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSecureSessionValidator.java?rev=1.3&content-type=text/vnd.viewcvs-markup

Before the data.populate() you could do something like:

-> get url path
-> get a list of insecure paths from the TRP
-> if you get a match bypass security otherwise use security

Let me know if you need further help, this might be a class worth
introducing into the t2 branch.

-- 
jvz.

Jason van Zyl
jvanzyl@apache.org

http://tambora.zenplex.org
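
The check outlined in the message above (get the URL path, compare it with a configured list of paths that need no login, bypass security only on a match), as an added example that is not part of the original thread or of Turbine's code. The class name PublicPathPolicy, its method and the sample paths are hypothetical; reading the list from the TRP and calling the check from a SessionValidator are left out. It matches whole path segments and sends anything ambiguous to the login check.

```java
import java.util.List;

/** Hypothetical helper: decides whether a request path may skip the login check. */
public final class PublicPathPolicy {
    // Assumed format: each prefix starts with "/" and has no trailing "/".
    private final List<String> publicPrefixes;

    public PublicPathPolicy(List<String> publicPrefixes) {
        this.publicPrefixes = List.copyOf(publicPrefixes);
    }

    /** True only when the path is a public prefix or lies beneath one. */
    public boolean isPublic(String path) {
        if (path == null || !path.startsWith("/")) {
            return false; // default deny: missing or relative paths get the login check
        }
        for (String seg : path.substring(1).split("/", -1)) {
            // Refuse segments that a later layer could resolve differently
            // (traversal, empty segments, encoded bytes, path parameters).
            if (seg.isEmpty() || seg.equals(".") || seg.equals("..")
                    || seg.indexOf('%') >= 0 || seg.indexOf('\\') >= 0
                    || seg.indexOf(';') >= 0) {
                return false;
            }
        }
        for (String prefix : publicPrefixes) {
            // Compare on a segment boundary, so "/endentity" never covers
            // "/endentityadmin"; a plain startsWith or contains would.
            if (path.equals(prefix) || path.startsWith(prefix + "/")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        PublicPathPolicy policy = new PublicPathPolicy(List.of("/endentity"));
        String[] samples = { // constructed sample paths
            "/endentity/EndEntityVerif.vm", "/endentity", "/Index.vm",
            "/endentityadmin/Index.vm", "/endentity/../Index.vm",
            "/endentity//Index.vm", "/endentity/%2e%2e/Index.vm"
        };
        for (String s : samples) {
            System.out.println((policy.isPublic(s) ? "public  " : "login   ") + s);
        }
    }
}
```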

